thinkphp中api接口数据安全解决方案之sign检验

我不是女神ヾ 2023-01-01 14:50 318阅读 0赞

### thinkphp中api接口数据安全解决方案之sign检验 ###

*   *  Aes加密解密类
     *  封装校验类ApiAuth.php
     *  Common类中调用校验方法
     *  抛出异常类ApiException
     *  app.php配置文件

## Aes加密解密类 ##

[点我查看][Link 1]

## 封装校验类ApiAuth.php ##

<?php
    
    namespace app\common\lib;
    
    use app\common\lib\Aes;
    
    
    class ApiAuth
    { 
    
        /* * 生成签名 */
        public static function setSign($data = [])
        { 
            //1 把数组按照字段你排序
            ksort($data);
            //2 将数组更改为拼接字符串的格式
            $sign_str = http_build_query($data);
            //3 通过aes加密
            return (new Aes())->encrypt($sign_str);
        }
    
        //校验签名sign
        public static function checkSign($data)
        { 
            //解密
            $str = (new Aes())->decrypt($data['sign']);
            if (!$str) { 
                return false;
            }
            //将字符串你转成数组格式
            parse_str($str, $arr);
            //比较
            if (!is_array($arr) || $arr['name'] != 'qipa250') { 
                return false;
            }
            return true;
        }
    }

## Common类中调用校验方法 ##

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70]  
在api模块的控制器中，建立公共的common类，别的类继承此类

<?php
    
    namespace app\api\controller;
    
    use app\common\lib\ApiAuth;
    use think\Controller;
    
    use app\common\lib\exception\ApiException;
    
    use app\common\lib\Aes;
    
    /* * api接口模块的公共控制器 */
    
    class Common extends Controller
    { 
    
        public function _initialize()
        { 
              $this->checkRequestAuth();    
        }
    
        //验证方法
        /* * 检查app每一次提交的数据是否合法 */
        public function checkRequestAuth()
        { 
    
            //验证header头的信息
            $header = request()->header();
            //halt($header);
    
    
            //sign 客户端工程师加密，服务端工程师解密
    
            //基础数据校验
            //如果sign不存在，报错
            if (empty($header['sign'])) { 
                throw new ApiException('签名不存在！');
            }
    
            if (empty($header['apptype'])) { 
                throw new ApiException('客户端不存在！');
            }
    
            //验证请求的app客户端是否合法
            if (!in_array($header['apptype'], config('app.apptypes'))) { 
                throw new ApiException('客户端不合法！', 400);
            }
    
            //校验sign
            $header_result = ApiAuth::checkSign($header);
            dump($header_result);
            die();
        }
    }

## 抛出异常类ApiException ##

![在这里插入图片描述][20210103160015451.png]

<?php
    
    namespace app\common\lib\exception;
    
    //引用异常类
    use think\Exception;
    
    
    //继承异常类
    class ApiException extends Exception
    { 
        //自定义http状态码
        public $message = '';
        public $httpCode = 400;
        public $code = 0;
    
        /* * 渲染抛出异常的状态码和信息 */
        public function __construct($message = "", $httpCode = 0, $code = 0)
        { 
            $this->message = $message;
            $this->httpCode = $httpCode?:400;
            $this->code = $code;
        }
    }

## app.php配置文件 ##

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 1]

<?php
    
    return [
        'admin_password_pre' => '_qipa250',//后台管理员密码加密后缀
        'aeskey' => 'QiPa250',//aes 密钥，服务端和客户端保持一致
        'aesiv' => '12345678901234567890123456789012',//aes iv，服务端和客户端保持一致
        'apptypes' => ['ios', 'android', 'wechat'],
    ];

postman请求，返回true 表示签名验证成功

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 2]返回false，表示签名验证失败  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 3]

[Link 1]: https://blog.csdn.net/guo_qiangqiang/article/details/112134723
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70]: /images/20221120/6e430d443d0a4ea4b93a7dde2bae71ca.png
[20210103160015451.png]: /images/20221120/f017869cd6394a218908ffe3cc65a4a4.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 1]: /images/20221120/c466a4146abf430ba89608a9ab2eb6b7.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 2]: /images/20221120/08fcaac27e1a4a209a3118ab646f8686.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1b19xaWFuZ3FpYW5n_size_16_color_FFFFFF_t_70 3]: /images/20221120/1657fe00944c4aa5ae963fa7f1316f8b.png